How to add a CentOS client to an existing pfSense OpenVPN configuration



  • Good evening,

    I wasn't able to find a related post even though I thought it is a very common case.
    I apologize if I skipped some and I am repeating an issue.

    I have an existing OpenVPN server configuration which is working fine up to now with my Windows 8.1 desktop and iPhone clients (actually after the last pfSense update the OpenVPN clients I have generated are not able to be installed anymore on Windows - it is giving a weird error, but I guess I will ask about this issue another time).

    I would like to connect my CentOS server as a client to my OpenVPN server.

    Can you please help out?

    Thank you and Best Regards,

    Asen


  • Rebel Alliance Developer Netgate

    Use the export package and export an inline configuration using the "Others" button and that should work fine being passed to openvpn directly at a command line.

    I'm not sure what, if anything, CentOS does special for OpenVPN so if you want to do that in a way which integrates better with CentOS you may have to manually enter configuration parameters somewhere inside CentOS.



  • It's been a while since I've done this, but I think this applies to CentOS 6 and probably 7 as well.

    First, download the inline config from the pfSense client export package.

    1. Install openvpn from the repos.

    2. Copy the downloaded file to /etc/openvpn

    3. Change the .ovpn extension to .conf

    4. Set permissions to 0400 and verify ownership is root:root

    5. Set the openvpn service to start at boot (chkconfig openvpn on)

    6. Start openvpn.

    7. Verify connectivity with iperf by looking for the tun0 adapter with IP address assigned by the OpenVPN server.

    These were instructions I supplied for an environment where we are using pfSense as an OpenVPN server with CentOS 6 and RHEL6 servers as clients.  The permissions settings aren't strictly necessary, but it's to prevent any non-root users from nabbing the certificates / keys contained in the config file.
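
A check for step 4 and the reason given for it (the inline config carries the client's private key), added here as an example and not part of the original post. The function names are hypothetical, and bash with GNU stat, as shipped on CentOS, is assumed:

```shell
#!/bin/bash
# Added example: audit OpenVPN client configs that embed key material inline.
# Function names are hypothetical; requires GNU stat (CentOS/RHEL).

# Succeeds if FILE contains an inline secret block (private key, static key, PKCS#12).
has_inline_secret() {
    grep -Eq '^[[:space:]]*<(key|tls-auth|tls-crypt|pkcs12|secret)>' "$1"
}

# audit_ovpn_conf FILE [OWNER]
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_ovpn_conf() {
    local f="$1" want="${2:-root:root}" mode owner rc=0
    [ -f "$f" ] || { echo "$f: not a regular file"; return 1; }
    # A config without embedded secrets has nothing to protect here
    has_inline_secret "$f" || return 0
    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%U:%G' "$f")
    # Any group/other permission bit lets a non-root user read the key
    if [ "$(( 0$mode & 077 ))" -ne 0 ]; then
        echo "$f: mode $mode exposes inline key material (want 0400)"
        rc=1
    fi
    if [ "$owner" != "$want" ]; then
        echo "$f: owner is $owner, expected $want"
        rc=1
    fi
    return $rc
}

# scan_dir DIR [OWNER]: audit every *.conf in DIR (default /etc/openvpn).
scan_dir() {
    local dir="${1:-/etc/openvpn}" bad=0 f
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue      # glob matched nothing
        audit_ovpn_conf "$f" "${2:-root:root}" || bad=1
    done
    return $bad
}

# Only scan when a directory is given on the command line
if [ $# -gt 0 ]; then scan_dir "$@"; fi
```

Passing a directory as the first argument scans every .conf file in it; a non-zero exit status means at least one finding was printed.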



  • Thank you very much whosmatt!

    Procedure:

    sudo yum install epel-release
    sudo yum install openvpn easy-rsa -y
    Create from Inline Configuration -> Others
    sudo cp file.ovpn /etc/openvpn/file.conf
    sudo openvpn --config /etc/openvpn/file.conf

    It is working perfectly now.

    Best Regards,

    agrozdanov



  • For what it's worth, if you start openvpn with the included init script ('service openvpn start') it will automatically connect to any client configuration with a .conf extension in /etc/openvpn.  Otherwise you can just specify any config file on the command line, as you did.  No need to rename the file or place it in /etc/openvpn in the latter case.



  • Hi whosmatt,
    Thank you very much for the help!
    Actually the CentOS server is one of my OpenVPN clients since it is behind a firewall I have no control over.
    I have used sudo systemctl enable openvpn@pfSense-TCP… and it is working perfectly. I am using TCP since it is through an SSH tunnel.
    I rebooted it several times and it is starting automatically after the start of my KVM. I am actually thinking of replacing the KVM with oVirt. Do you have any experience with it?
    Best Regards,
    agrozdanov